Hello,
I was testing / debugging some sub-zone delegation for a friend's domain
(something about email marketing service that want's their clients to
delegate a subzone to their NSs) and couldn't quite see the issue -
apart from my local resolver reporting 'SERVFAIL':
; <<>> DiG 9.18.33 <<>
Hi,
The timings are based on RFC 7583 and "Flexible and Robust Key Rollover
in DNSSEC". They may help a great deal in understanding the time states.
https://datatracker.ietf.org/doc/html/rfc7583
https://nlnetlabs.nl/downloads/publications/satin2012-Schaeffer.pdf
See below for inline answers.
Hello,
Functional EDE 22 is available in Bind 9.20.6.
RFC say :
4.23. Extended DNS Error Code 22 - No Reachable Authority
The resolver could not reach any of the authoritative name servers (or
they potentially refused to reply)
Bind does not map a rcode REFUSED to EDE 22 so in your case I don'
Hi.
An ACL can match other ACLs, meaning that you can include the name of one
ACL in the definition of another.
Your config is being interpreted as:
acl "tsg_acl" {
Start the definition of an ACL called "tsg_acl", which will be followed by
a list of things to match, each of which must end with a s
Hi,
I'm trying out DNSSEC policy for the first time, and I am so confused about the
time states—how they calculate the time for the state of the records to change.
I really need help because I have a ton of questions (I'm using BIND 9.18.31,
btw). I want to understand how it works step by step,
Have you read:
https://kb.isc.org/docs/dnssec-key-and-signing-policy
and
https://bind9.readthedocs.io/en/latest/dnssec-guide.html
This RFC should give you some background too:
https://datatracker.ietf.org/doc/html/rfc6781
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and yo
6 matches
Mail list logo
